Merge pull request #29 from MangoIV/develop

[chore] documentation update for #21, repair nix dev env
MangoIV · Jun 15, 2024 · 6ef378b · 6ef378b
2 parents 5603647 + e28ed87
commit 6ef378b
Show file tree

Hide file tree

Showing 23 changed files with 522 additions and 161 deletions.
diff --git a/.github/workflows/cabal-audit.yml b/.github/workflows/cabal-audit.yml
@@ -1,4 +1,4 @@
-name: Build cabal-audit
+name: nix checks and build
 
 on:
   workflow_dispatch:
@@ -11,7 +11,7 @@ on:
 
 jobs:
   build:
-    name: Build cabal-audit and Docker image
+    name: Build cabal-audit
     runs-on: ubuntu-latest
 
     steps:
@@ -35,31 +35,23 @@ jobs:
         run: |
           nix -Lv build
 
-      - name: Build cabal-audit docker image
+      - name: Build cabal-audit static
         run: |
-          nix -Lv build .#cabal-audit-docker -o result-docker
+          nix -Lv build .#cabal-audit-static -o result-static
 
       - name: Create release artifacts
         run: | 
           mkdir -p artifacts
 
-          cp result/bin/cabal-audit artifacts
+          cp result-static/bin/cabal-audit artifacts
           chmod +x artifacts/cabal-audit
 
-          cp result-docker artifacts/cabal-audit-docker.tar
-
       - name: Upload static cabal-audit exe
         uses: actions/upload-artifact@v4
         with:
           name: cabal-audit
           path: artifacts/cabal-audit
 
-      - name: Upload cabal-audit docker
-        uses: actions/upload-artifact@v4
-        with:
-          name: cabal-audit-docker.tar
-          path: artifacts/cabal-audit-docker.tar
-
       - name: Release nightly cabal-audit exe
         if: github.ref == 'refs/heads/main'
         uses: softprops/action-gh-release@v2
@@ -68,5 +60,4 @@ jobs:
           tag_name: nightly
           files: |
             artifacts/cabal-audit
-            artifacts/cabal-audit-docker.tar
           fail_on_unmatched_files: true
diff --git a/.github/workflows/check-regen-nix.yml b/.github/workflows/check-regen-nix.yml
@@ -1,4 +1,4 @@
-name: Build cabal-audit
+name: check nix regeneration
 
 on:
   pull_request:
@@ -25,6 +25,7 @@ jobs:
 
       - name: regenerate nix
         run: | 
+          nix run nixpkgs#cabal-install -- update
           export PRJ_ROOT=./.
           nix -Lv run .#regen-nix
 

diff --git a/.github/workflows/haskell-ci.yml b/.github/workflows/haskell-ci.yml
@@ -1,4 +1,4 @@
-name: Build cabal-audit with many ghc versions
+name: cabal-build cabal-audit
 
 on:
   workflow_dispatch:
@@ -40,6 +40,8 @@ jobs:
         with:
           ghc-version: ${{ matrix.ghc }}
           cabal-version: 'latest'
+      - name: Update 
+        run: cabal update
       - name: Freeze
         run: cabal freeze
       - name: Cache

diff --git a/.github/workflows/update-lock-file.yml b/.github/workflows/update-lock-file.yml
@@ -1,4 +1,5 @@
 name: update-flake-lock
+
 on:
   workflow_dispatch:
   schedule:

diff --git a/.hlint.yaml b/.hlint.yaml
@@ -0,0 +1 @@
+- ignore: {name: 'Use :'}
diff --git a/README.md b/README.md
@@ -18,8 +18,9 @@ To install `cabal-audit`, you can use Nix by running the following command:
 nix run github:mangoiv/cabal-audit -- --help
 ```
 
-If you don't use `nix`, you can also build from source with `cabal` or
-[download a static executable from one of the latest workflow runs](https://github.com/MangoIV/cabal-audit/releases/tag/nightly).
+If you don't use `nix`, you can also build from source with `cabal`. Just clone the repository and run `cabal install`.
+
+You can also [download a static executable from one of the latest workflow runs](https://github.com/MangoIV/cabal-audit/releases/tag/nightly).
 
 > [!Note]
 > We also have a `cachix`. If you trust me (which I do not recommend, never trust anybody!), run `cachix use cabal-audit` to 
@@ -90,6 +91,9 @@ dependency "process" at version 1.6.17.0 is vulnerable for:
 
 ## Contributing
 
-Contributions are welcome. This repo is flake-enabled. To setup a `devShell`, run `nix develop` or `direnv allow`.
+Contributions are welcome. 
+
+Building the project in a non-nix environment should be as easy as `cabal build`, the build is tested against multiple ghc versions and operating systems in the CI so it should always work with one of these. If you don't use nix, installing the necessary tooling is as always possible with [ghcup](https://www.haskell.org/ghcup/).
 
+This repo is flake-enabled. To setup a `devShell`, run `nix develop` or `direnv allow`.
 If you change dependencies, please run `regen-nix` to regenerate the nix derivations.
diff --git a/cabal-audit.cabal b/cabal-audit.cabal
@@ -35,35 +35,50 @@ common common-all
 
   default-extensions:
     BlockArguments
+    DataKinds
     DeriveGeneric
     DerivingStrategies
+    DerivingVia
+    DuplicateRecordFields
     EmptyCase
+    FlexibleContexts
+    FlexibleInstances
     GADTs
     ImportQualifiedPost
     LambdaCase
+    MultiParamTypeClasses
     NamedFieldPuns
     NoStarIsType
+    OverloadedLists
+    OverloadedRecordDot
     OverloadedStrings
     PartialTypeSignatures
     RankNTypes
     ScopedTypeVariables
     StandaloneDeriving
     StandaloneKindSignatures
     TypeApplications
+    TypeFamilies
+    TypeOperators
+    UndecidableInstances
     ViewPatterns
 
 library
   import:           common-all
   exposed-modules:
+    Control.Effect.Pretty
     Distribution.Audit
     Security.Advisories.Cabal
+    Security.Advisories.SBom.CycloneDX
+    Security.Advisories.SBom.Types
 
   build-depends:
     , aeson
     , base                  <5
     , bytestring
     , Cabal
     , cabal-install
+    , chronos
     , colourista
     , containers
     , filepath
@@ -73,11 +88,15 @@ library
     , http-client
     , kan-extensions
     , optparse-applicative
+    , pretty
     , process
     , temporary
     , text
+    , transformers
     , unliftio
+    , uuid
     , validation-selective
+    , vector
 
   hs-source-dirs:   src
   default-language: Haskell2010

diff --git a/cabal.project b/cabal.project
@@ -1,12 +1,17 @@
 packages:
   ./.
 
+-- unreleased changes in hsec-tools and hsec-core
 source-repository-package
   type: git
-  subdir: code/hsec-core
   subdir: code/hsec-tools
-  subdir: code/cvss
-  subdir: code/osv
   location: https://github.com/haskell/security-advisories.git
+  tag: 4b773dd6d3ab31313fa7f2470053980af175bf27
+
+source-repository-package
+  type: git
+  subdir: code/hsec-core
+  location: https://github.com/haskell/security-advisories.git
+  tag: 4b773dd6d3ab31313fa7f2470053980af175bf27
 
 test-show-details: direct
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -50,6 +50,8 @@
           };
         };
 
+        devShells.plain-haskell = import ./nix/haskell-shell.nix {inherit hspkgs;};
+
         # https://flake.parts/options/devshell for more information; one of the advantages is
         # the beautiful menu this provides where one can add commands that are offered and loaded
         # as part of the devShell
@@ -69,38 +71,34 @@
           ];
           devshell = {
             name = "cabal-audit";
-            packagesFrom = [(import ./nix/haskell-shell.nix {inherit pkgs hspkgs;})];
+            packagesFrom = [config.devShells.plain-haskell];
             packages = [pkgs.cabal2nix pkgs.alejandra];
             startup.pre-commit.text = config.pre-commit.installationScript;
           };
         };
 
         packages = {
+          inherit (hspkgs) cabal-audit;
+          inherit (pkgs) groff;
           default = config.packages.cabal-audit;
-          cabal-audit = hlib.justStaticExecutables hspkgs.cabal-audit;
-          cabal-audit-docker = pkgs.dockerTools.buildImage {
-            name = "cabal-audit-docker";
-            tag = "latest";
-            copyToRoot = [
-              config.packages.cabal-audit
-              pkgs.haskellPackages.ghc
-              pkgs.git
-              pkgs.wget
-            ];
-            config = {
-              Cmd = ["/bin/cabal-audit"];
-              WorkingDir = "/workspace";
-            };
-          };
+          cabal-audit-static = import ./nix/static.nix {inherit pkgs;};
           regen-nix = pkgs.writeShellApplication {
             name = "regen-cabal-audit-nix";
             runtimeInputs = [pkgs.cabal2nix pkgs.alejandra];
             text = ''
               pushd "$PRJ_ROOT"/nix
-              cabal2nix https://github.com/haskell/security-advisories.git --subpath code/hsec-core/ > ./hsec-core.nix
-              cabal2nix https://github.com/haskell/security-advisories.git --subpath code/cvss/ > ./cvss.nix
-              cabal2nix https://github.com/haskell/security-advisories.git --subpath code/osv/ > ./osv.nix
-              cabal2nix https://github.com/haskell/security-advisories.git --subpath code/hsec-tools/ > ./hsec-tools.nix
+              cabal2nix cabal://toml-parser > ./toml-parser.nix
+              cabal2nix cabal://cvss > ./cvss.nix
+              cabal2nix cabal://osv > ./osv.nix
+              # unreleased changes
+              # cabal2nix cabal://hsec-core > ./hsec-core.nix
+              # cabal2nix cabal://hsec-tools > ./hsec-tools.nix
+              cabal2nix https://github.com/haskell/security-advisories.git \
+                --revision 4b773dd6d3ab31313fa7f2470053980af175bf27 \
+                --subpath code/hsec-core/ > ./hsec-core.nix
+              cabal2nix https://github.com/haskell/security-advisories.git \
+                --revision 4b773dd6d3ab31313fa7f2470053980af175bf27 \
+                --subpath code/hsec-tools/ > ./hsec-tools.nix
               cabal2nix ../. > ./cabal-audit.nix
               alejandra ./.
               popd